XSS vulnerability has been found in Skype shop website by Ucha Gobejishvili.

on Friday, February 24, 2012|

An Independent security Researcher Ucha Gobejishvili has discovered Cross Site Scripting(XSS) Vulnerability on the Skype's shop website(shop.skype.com) and in the Skype API site(api.skype.com)

The vulnerabilities have been reported to Skype by researcher and the company’s representatives redirected it to Microsoft’s Security Response Center (MSRC), they are now in the process of patching the vulnerability.

"vulnerabilities detected on shop.skype.com & api.skype.com, the vulnerability allows allows an attacker to hijack cookies via required user inter action. Successful exploitation of the bug can result in session hijacking and account steal." researcher explained about the Vulnerability risk.

He also found xss vulnerabilities in lot of high profile sites are listed in the XSSed.com website